In general, a control computer for a machine may be, for example, an operating computer that is separate from the machine or integrated as part of the machine itself (e.g., using programmable logic controllers and/or numerical control (NC)). The PLC can be responsible for controlling sensors and/or actuators in the machine that are used in a machining process. Sensors can detect, e.g., the distance of a laser head to the metal to be machined, the laser power, or punch pressure, whereas the actuators are controlled, e.g., to keep a constant distance between laser head and metal or constant laser power. The NC interprets an NC program to drive the machine's axes (e.g., laser axes or axes associated with a work product holder) with precise paths, speeds or order in addition to turning on or off machine components.
Due to the global orientation of modern machine tool and laser manufacturers having customers and machine operators all over the world, the maintenance, error diagnosis, software update and, if necessary, repair of the delivered machine tools and lasers (summarized under the term “machines” below) is preferably available not only directly on site but also by remote access (teleservice). As of the filing of this application, no economical alternative to remote maintenance for machine tool and laser manufacturers is known. However, the operators of modern production plants are used to problems such as systems being disabled by computer viruses or Trojans. An increasing number of networks in industrial production plants can lead to an increase in the potentially dangerous problems associated with those networks. To address these problems, operators have taken steps such as to stop unsafe remote maintenance solutions and/or devise extensive safety requirements. However, this can have serious consequences for machine tool and laser manufacturers, particularly if many of their customers each devise their own custom safety standard for remote access, there will be many variants depending on the type of dial-in connection (modem, ISDN, Internet, GSM, UMTS) over various virtual private networks (VPN) standards for data connection to a range of compulsory virus scanners and firewalls.
In order to benefit from the possibilities of teleservice, a remote connection should be safe, reliable and free of disturbances. Previously connections were commonly established through direct dialing-in from a service computer via an analog modem or an ISDN connection, whereas more recently the demand for modern communication technology, the so-called VPN, has increased. A VPN is a computer network that uses a public communication network, for example the Internet, for transporting private data, in which the connection via the public network is normally encrypted. By means of encryption, a network connection is established, which can be accessed by matching addresses and passwords such that only authorized users can communicate with each other. VPN consequently can allow safe transmission via an unsafe network.
The Internet is also useful as a central medium for teleservice in the field of automation technology. Firewall and VPN systems help to render the use of the Internet safe. In addition to the considerably improved safety, IP (Internet Protocol)-based remote maintenance connections offer a substantially higher bandwidth than the conventional modem connection. The Internet offers broad-band transmission of a large amount of data, including transmission of video information, e.g., in case of distributed monitoring systems.
In some cases, companies extend their firewall gateways to VPN portals, through which the machine tool and laser manufacturers have remote access to delivered machine tools and lasers. In this connection, the machine tool and laser manufacturers are typically required to remove the local modems and ISDN accesses of their machine tools and lasers. In the meantime, some companies have started to define access defaults that are not standardized. In addition to VPN they also use other authentication methods such as e.g. Caller-ID, Preshared Keys, One Time Password or SecureID or special hardware.
Remote access via VPN can place great demands on the infrastructure and safety. The fact that remote access via VPN depends on the technology used by the machine operator is particularly problematic. Machine tool and laser manufacturers have not established a simple universal solution due, at least in part, to the fact that it has not been possible up to now to use different pieces of VPN client software (e.g., CISCO VPN Client and Checkpoint VPN Client) at the same time within, for example, one operating system or a service computer of a service member. Depending on the VPN solution used by the machine operator, a different VPN client, and therefore an independent computer, may be required. Corresponding problems result when the machine operator requires further access defaults and dialing-in technologies, e.g., remote access service via ISDN or via modem. Further problems result when sensitive (access) data of the machine operator is locally stored on service computers of service members. This data is only insufficiently protected against attacks from the Internet or in case a service computer is stolen.
The product life cycles of hardware components that are used in operating computers for controlling machines are generally considerably shorter than the product life cycles of the machines and the software that is used (e.g. machine operating software). The limited availability of hardware components generally results in a diversity of variants of the utilized operating computer hardware during the life cycle of a machine type. These different hardware variants should be taken into consideration and be supported by software when the machine operating software is updated. A hardware change generally also entails software changes (e.g., a change in one or more drivers). Consequently, the software developers should take great care to ensure that all hardware variants that are used are also software-supported. Major modifications are continually required, since certain drivers for new hardware are only supported in up-to-date operating systems. This generally requires an upgrade of the operating system. The dependencies of the different software components of a machine require repeated compulsory exchange of further components (e.g., NC kernel hardware and software) in case no compatible hardware is available when replacement parts are required. Additionally, modern encryption systems often only function with up-to-date operating systems and cannot typically be used with older operating systems such as Windows 3.11. Accordingly, in order to keep the security at the most recent level, a modern operating system should be installed on the operating computer.